I am trying to send a Get request to my client server using the RESTAdapter, and I am required to pass an AuthToken along with the request (as a header param) in order to be authorized. I’ve tested the Get request with AuthToken using Chrome Postman and it works just fine, but using the code below I always get error 401 unauthorized, can someone please tell me what I am doing wrong and how to send the AuthToken? Thanks

@jamalsoueidan I’ve already tried doing it the ember way as shown in my question but it didn’t work…it returns error 401.

One thing thought not sure if it will make a difference (please excuse my ignorance), the API documentation include a call for authentication where I should send a payload to get the AuthToken which I’ve used in my Get request. But I am not sure if this is necessary as I’ve tried using Chrome Postman to process the Get request without first authenticating with payload and it worked just fine…make sense?

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use.

This just does not seem to be working. I’ve tried the examples that were given in the documentation to no avail. If I hard-code it without the function, they are inserted. If I try to make it dynamic - the code inside never executes (verified by logging to the console). Even if it isn’t dynamic like the examples, they don’t get added to the headers:

I am almost positive the options header is sent from the browser itself because of the cross domain request. It does this to make sure that the requested domain has a cors policy to allow your current domain to make the request. If the response to the options request contains a valid cors policy the browser will then send the xhr request that you crafted. There is likely something wrong with your cors policy if your intended xhr request never makes it through.

I was having this same issue and none of the above solutions fixed it.
Turns out if you are sending an ajax/XHR request to a different domain, your browser will automatically send a “preflight” HTTP OPTIONS request before sending your actual request.

So, as other folks alluded, your backend has to respond to that preflight correctly before the browser will send the actual request with your custom headers.

Here’s what happened to me- my backend responded to the preflight request with the right headers and a 401 code (because the requested route required authorization). My browser decided to respond by sending the real request without my custom headers. So, it APPEARED that my browser had accepted the preflight response, but in reality it had not. I had to make sure my backend responded to the preflight request with a 200 code, that fixed my problem! Now my browser responds with the actual request and no longer discards my custom headers.